In recent history, portable electronic computing devices have increasingly become an essential tool for capturing, recording, calculating, computing, manipulating, and storing electronic data within the computer industry. Many portable electronic computing devices, for example, current day laptop computers, personal digital assistants, and portable cell phones, provide owners, authorized operators or users with a powerful, portable workspace having capacity for software and hardware technology that equals, or in some cases surpasses, that of non-portable electronic computing devices, such as desktop computers.
Portable electronic computing devices allow for connectivity outside of the host office setting, utilizing local area networks, wide area networks, or other networks—hardwired, wireless, or otherwise. This allows many people the opportunity to take their electronic workspace with them when they find need to travel or work from a remote site. Unfortunately, the mobility that makes portable electronic computing devices so valuable also renders them vulnerable and susceptible to theft. Some have estimated that more than 600,000 laptop computers are stolen in the United States each year. The theft of laptops generates losses of over $750 million annually. Even more alarming, however, is the statistic reporting that the theft of the same 600,000 laptops results in an average loss of $5.4 billion in proprietary and/or confidential information contained in electronic data files that thieves are able to remove from the stolen laptops. Additional annual loss comes from the theft of data that has been stored on alternative types of portable electronic computing devices such as PDA's. Recent thefts of confidential and propriety information, consisting of social security numbers, credit card information, and other personal financial data from stolen corporate and government-owned portable computers, have left thousands at risk for identity theft and the corporate and government entities responsible for such breaches of security potentially liable for untold damages.
While mobility makes portable electronic computing devices vulnerable to theft, it also makes business owners of portable electronic computing devices who issue them to employees vulnerable to the consequences resulting from an inability to locate, inventory, secure, and recover electronic data generated by and stored on portable electronic computing devices issued to employees. This inability to locate, inventory, secure, and recover electronic data stored on portable electronic computing devices issued to employees has recently manifested itself in terms of potential liability that can result from failure to produce documentation contained on electronic computing devices in response to litigation discovery requests in Federal and state courts. New discovery rules issued by Federal and state courts impose harsh penalties—and in some cases practically insurmountable burdens of proof—upon litigants unable to produce electronic data stored on portable electronic computing devices.
The known art has recognized the need for a system that provides protection to portable electronic computing device owners, authorized operators, or users against theft. Many systems of the known art require those who wish to access the proprietary or confidential information stored on a portable electronic computing device to enter a password when prompted, the password having been predetermined by the portable electronic computing device owner, its authorized operator, user, or system administrator. If the correct password is not entered, the system does not allow access to the portable computer's data. Theoretically and ideally, only those authorized to access the computer's electronic data files are aware of the system's password. Unfortunately, it is possible to circumvent passwords by trial and error, use of specialized software, or other methods of entry. Thieves can now determine or “password hack” into a password secured portable electronic computing device over a period of a few hours, days, or weeks depending upon their level of sophistication. Upon doing so such thieves are then able to access the electronic data stored on the portable electronic computing device and thereby gain possession of proprietary and/or confidential information stored on the stolen portable electronic computing device.
The known art has also attempted to protect the proprietary or confidential information stored on portable electronic computing devices by lock and key technology. In these systems, a portable electronic computing device owner, authorized operator or user who wishes to gain access to the portable electronic computing device's proprietary information must first place a key into a receiving body located on the portable electronic computing device. Only with the key in place will the portable electronic computing device operate. The shortcoming of these systems is that because the portable electronic computing devices will not operate without the keys in place, thieves often times find the keys still located within the computers, or conveniently nearby, thus breaching security.
The known art has also attempted to protect the proprietary and/or confidential information stored on portable electronic computing devices by providing systems which seek to physically deter theft of the device itself, and thereby the electronic data stored on the device. For example, security cables have been developed which allow owners, authorized operators or users of portable computers to secure their portable devices to a desired surface. The typical computer cable works by having one end fastened to the portable computer and the other end attached to the work surface being utilized by the computer owner. This form of security is based upon the premise that often thieves steal laptops in order to gain access to the portable computer itself and only take advantage of the proprietary and/or confidential data stored on the computer as an afterthought because it is available and accessible. The theory is that by making theft of the computer more difficult you thereby reduce the possibility that the electronic data on the computer will be compromised. Metal laptop cases which secure portable computers and are then locked in place with a key are another example of a physical method of electronic data protection. Laptop alarm systems, which function by sounding an alarm when a portable computer has been moved from a sedentary position, have also been developed. The inherent problem with all of these systems, which are based upon making the portable electronic computing devices physically inaccessible, is that they eliminate the most attractive feature of the portable electronic computing device, that being its mobility. Additionally, if a thief is only after the confidential or proprietary information on the portable electronic computing device and not the computer itself, it will be possible in many instances for a thief to download and access electronic data from an unattended portable electronic computer onto a disk or other portable electronic data storage vessel.
Systems exist in the known art which aim to protect portable electronic computing devices owners, authorized operators or users from theft by rendering the data stored on portable computers inaccessible. These systems of the known art use software that has been installed on portable computers that allows the computers to be located after they have been stolen, but only if and when the portable electronic computing device has been used to access the internet. The computers must be located on the internet before the system can render the data stored within the portable computer inaccessible. The problem with an internet alert based security system is it requires the portable electronic computing device to access the internet before the device can be tracked and the electronic data rendered inaccessible. Additionally, the owner, authorized operator or user of the portable electronic computing device bears the responsibility for timely reporting the device as being stolen before the system will initiate internet based tracking. The thief of an internet alert based system can potentially access the electronic data stored on a stolen portable electronic computing device without disruption so long as the device is not used to access the internet. This can give a portable electronic computing device thief ample time in which to access confidential and/or proprietary electronic data stored on the device.
The inherent weakness in the security systems in the known art is that the electronic data stored on stolen or misplaced portable electronic computing devices can and often does remain intact and vulnerable to breach for an unlimited period of time. Consequently, portable electronic computing device owners, authorized operators, or users remain at constant risk that proprietary or confidential information stored on their devices will be compromised in the event of theft or misplacement of the devices. In those instances in which the proprietary or confidential information consists of personal financial information, such as social security, credit card, and financial account numbers, the portable electronic computing device owners also remain at constant risk for the potential imposition of substantial legal liability that could result if such stolen personal financial information is used to perpetrate identity theft and fraud upon those whose sensitive data was stored on the portable electronic computing device.
In light of the foregoing problems with the systems of the known art, there is a need for a more effective method and system for protecting electronic data stored within portable electronic computing devices in the event that the devices are stolen, misplaced, etc. While the disclosed system and method is ideal for securing the data stored on portable electronic computing devices, it may also be used to secure data on many electronic computing devices which are not portable. Generally, an exemplary embodiment of the system and method of the present invention protects electronic data stored within electronic computing devices through the use of SELF CANNIBALIZING™ software that operates independently of the electronic computing device owner, authorized operator or user and automatically in accordance with a preset expiration time. The SELF CANNIBALIZING™ software, once installed on a computing device, is capable of causing the launch of a security mechanism within the physical confines and operating system of the electronic computing device. Once launched, the security mechanism secures some or all of the existing electronic data files of the electronic computing device using interactive program code. The interactive program code utilized by the security mechanism may vary depending on how electronic data is stored on an electronic computing device. Additionally, there are a variety of ways that a launched security mechanism may secure the electronic data stored on an electronic computing device depending on the needs, resources, etc. of the owner, authorized operator or user of the electronic computing device.
In an exemplary embodiment of the disclosed system and method, an electronic computing device, remote from a host electronic computing device, is equipped with SELF CANNIBALIZING™ software that is configured with computer readable program code capable of identifying a preset expiration time and automatically causing the launch of a security mechanism at the preset expiration time. In order to prevent the automatic launching of the security mechanism, the owner, authorized operator or user of the remote electronic computing device must electronically log the remote electronic computing device into, synch it up with, or use it to access the authorized password-protected host electronic computing device prior to the preset expiration time. In doing so, complementary administrative software on the password-protected host electronic computing device will automatically reset the expiration time on the remote electronic computing device consistent with predetermined expiration time parameters previously authorized by the system administrator. When the expiration time for the SELF CANNIBALIZING™ software is reset, a new expiration period commences that must pass before it will cause security mechanism to be automatically launched. When the expiration time of the SELF CANNIBALIZING™ software on the remote electronic computing device is not reset by electronically logging into, synching up with, or accessing the authorized password-protected host electronic computing device, the last set expiration time will dictate the automatic launching of the security mechanism. In some exemplary embodiments, a device that is password protected may require a system user to send a preselected password to the device via an electronic pointer such as a keyboard, mouse, etc. However, in some exemplary embodiments a device may be password protected when it permits log in by recognition of a cookie, chip, etc. As one of ordinary skill will recognize upon reading the disclosure of the present system and method there are a variety of ways an electronic device may be password protected.
In an exemplary embodiment, an electronic computing device, is equipped with SELF CANNIBALIZING™ software that is configured with electronic computing device readable program code capable of identifying when an operator has attempted to enter an incorrect password a predetermined number of times within a predetermined time span or when an unauthorized operator or user is attempting to use “password hacking” software. If the unauthorized operator or user of the remote electronic computing device equipped with SELF CANNIBALIZING™ software attempts to enter an incorrect password the predetermined number of times within the predetermined time span or the operator attempts to use “password hacking” software the SELF CANNIBALIZING™ software will automatically cause the launch of a security mechanism within the electronic computing device.
An exemplary disclosed system and method may force an electronic computing device owner, authorized operator or user to be more diligent in securing electronic computing devices by requiring the devices be used to electronically log into, synch up with, or access a password protected host electronic computing device on a periodic basis in order to reset the electronic computing device's SELF CANNIBALIZING™ software. While the disclosed system and method may increase the awareness of the owner, authorized operator or user of an electronic computing device in regards to the whereabouts of the electronic computing device, the system and method may protect an electronic computing device even if the owner, authorized operator or user is unaware the electronic computing device has become the victim of a theft or fails to timely report the theft. Additionally, if an electronic computing device has been stolen, the disclosed system and method may prevent the electronic data stored within the electronic computing device from being accessed, altered, amended, computed, displayed, manipulated, printed, processed, read, replicated, retrieved, restored, transferred, and transmitted, etc., regardless of whether or not the responsible thief uses the device to access the internet.
Exemplary embodiments may be utilized to secure data that has been stored on a portable storage device such as a flash drive, portable hard drive, zip drive, CD, etc. In one example, a portable application of SELF CANNIBALIZING™ software is provided on a portable storage device. The SELF CANNIBALIZING™ software may comprise a current expiration time value, a time value comparator, and a security trigger. The time value comparator may compare the current expiration time value against a time based parameter that may be obtained by the software from either the portable data storage device or from an electronic computing device that is in electronic communication with the portable storage device and attempting to access data that has been stored on the portable data storage device. If the comparison of the current expiration time value with the time based parameter indicates that the expiration time value has been exceeded, the SELF CANNIBALIZING™ software may activate the security trigger. In preferred exemplary embodiments, activation of the security trigger renders certain data that has been stored on the remote storage device inaccessible. In some exemplary embodiments when data has been rendered inaccessible it may be inaccessible because it has been destroyed, corrupted, deleted, overwritten, quarantined, etc. In some exemplary embodiments data is rendered inaccessible when the security mechanism renders at least one operating system of the electronic computing device, which is attempting to access the data, inoperable which may occur in a variety of ways such as, for example, the release of a software adapted to render electronic computing device incapable of accessing the data. There are a variety of security mechanisms that may be utilized. In some exemplary embodiments, the current expiration time value of the portable data storage device may be reset to a later time by using the portable data storage device to access, synching up with, log into, etc. an electronic computing device. In preferred exemplary embodiments, the electronic computing device that may reset the current expiration time value of the portable storage device may be an electronic computing device that is equipped with SELF CANNIBALIZING™ software that comprises its own current expiration time value. In such an exemplary embodiment, the portable storage device and electronic computing device may each have SELF CANNIBALIZING™ software having a current expiration time value where the expiration time values of the two software programs may be different or the same. The current expiration time value of the portable storage device may be reset by accessing the device with the electronic computing device while the current expiration time value pertaining to the electronic computing device may be reset by accessing a host computing device (e.g., a password protected host computing device) such as a website, server, computer, etc. with the electronic computing device.
In addition to the novel features and advantages mentioned above, other benefits will be readily apparent from the following descriptions of the drawings and exemplary embodiments.